Internet2 is investigating a security incident involving a compromise to a confluence server that affected https://spaces.at.internet2.edu on April 10, 2019, which was successfully mitigated on April 12, 2019. If you did not receive an email from us, it’s unlikely that any of the content you submitted to the Internet2 Spaces Wiki needs to be re-entered. We apologize for any inconvenience this may have caused. Should you have any questions or require further assistance, please email collaboration-support@internet2.edu.
Child pages
  • Maintaining Supported Software
Skip to end of metadata
Go to start of metadata

Recommended Practice

  • Appropriate staff monitor "security" and/or "announce" mailing lists for critical software.
  • Software versions are reasonably current and upgraded ahead of "End of Life" dates.

Federation software relies on an extensive technology stack. As with all web-based software, vulnerabilities can be introduced in many places, and a security flaw on one site can lead to the exposure of another. This is particularly true when web authentication software is involved.

In addition, as a still-evolving and expanding technology, federation is not yet an area for "install and forget" technology management. New use cases and new best practices continue to emerge, and federation software, if viable, will continue to evolve to address these new requirements.

Carefully consider strategies for maintaining currency in your:

  • Operating Systems
  • Web Servers
  • Java or other Application Servers (if applicable)
  • Federation Software

Avoid big-bang upgrades crossing multiple significant versions. Ensure staff are monitoring the appropriate mailing lists to stay abreast of security issues and patches. In general, treat your environment the way you would treat any mission-critical system.

  • No labels